diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index fb0f0a1d5b..99f4d3a1a1 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/03/2017
+ms.date: 02/22/2018
 ---
 
 # AssignedAccess CSP
@@ -70,6 +70,53 @@ Supported operations are Add, Get, Delete, and Replace.
 
 Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout).
 
+<a href="" id="assignedaccess-status"></a>**./Device/Vendor/MSFT/AssignedAccess/Status**  
+Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to “On” or “OnWithAlerts”. If the StatusConfiguration is “Off”, a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload.
+ 
+In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible status available for single app kiosk mode. 
+ 
+|Status  |Description  |
+|---------|---------|---------|
+| KioskModeAppRunning | This means the kiosk app is running normally. |
+| KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. |
+| KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. |
+
+Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus. 
+
+
+|Status code  | KioskModeAppRuntimeStatus |
+|---------|---------|
+| 1     | KioskModeAppRunning         |
+| 2     | KioskModeAppNotFound          |
+| 3     | KioskModeAppActivationFailure         |
+
+
+Additionally, the status payload includes a profileId, which can be used by the MDM server to correlate which kiosk app caused the error. 
+
+Supported operation is Get.
+
+<a href="" id="assignedaccess-shelllauncher"></a>**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher**  
+Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema.
+
+<a href="" id="assignedaccess-statusconfiguration"></a>**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration**  
+Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema.
+ 
+By default the StatusConfiguration node does not exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node.  
+ 
+Optionally, the MDM server can opt-in to the MDM alert so a MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node. 
+ 
+This MDM alert header is defined as follows:  
+
+-  MDMAlertMark: Critical 
+-  MDMAlertType: "com.microsoft.mdm.assignedaccess.status" 
+-  MDMAlertDataType: String 
+-  Source: "./Vendor/MSFT/AssignedAccess" 
+-  Target: N/A 
+ 
+> [!Note]  
+> MDM alert will only be sent for errors.  
+
+
 ## KioskModeApp examples
 
 KioskModeApp Add
@@ -160,32 +207,29 @@ KioskModeApp Replace
     elementFormDefault="qualified"
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config"
     targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
     >
 
     <xs:complexType name="profile_list_t">
         <xs:sequence minOccurs="1" >
-            <xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded">
-                <xs:unique name="duplicateRolesForbidden">
-                    <xs:selector xpath="Profile"/>
-                    <xs:field xpath="@Id"/>
-                </xs:unique>
-            </xs:element>
+            <xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded"/>
         </xs:sequence>
     </xs:complexType>
+    
+    <xs:complexType name="kioskmodeapp_t">
+        <xs:attribute name="AppUserModelId" type="xs:string"/>
+    </xs:complexType>
 
     <xs:complexType name="profile_t">
-        <xs:sequence minOccurs="1" maxOccurs="1">
-            <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1">
-                <xs:unique name="ForbidDupApps">
-                    <xs:selector xpath="App"/>
-                    <xs:field xpath="@AppUserModelId"/>
-                    <xs:field xpath="@DesktopAppPath"/>
-                </xs:unique>
-            </xs:element>
-            <xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
-            <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
-        </xs:sequence>
+        <xs:choice>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
+            </xs:sequence>
+            <xs:element name="KioskModeApp" type="kioskmodeapp_t" minOccurs="1" maxOccurs="1"/>
+        </xs:choice>
         <xs:attribute name="Id" type="guid_t" use="required"/>
         <xs:attribute name="Name" type="xs:string" use="optional"/>
     </xs:complexType>
@@ -193,6 +237,10 @@ KioskModeApp Replace
     <xs:complexType name="allappslist_t">
         <xs:sequence minOccurs="1" >
             <xs:element name="AllowedApps" type="allowedapps_t" minOccurs="1" maxOccurs="1">
+                <xs:unique name="ForbidDupApps">
+                    <xs:selector xpath="default:App"/>
+                    <xs:field xpath="@AppUserModelId|@DesktopAppPath"/>
+                </xs:unique>
             </xs:element>
         </xs:sequence>
     </xs:complexType>
@@ -235,22 +283,64 @@ KioskModeApp Replace
 
     <xs:complexType name="config_t">
         <xs:sequence minOccurs="1" maxOccurs="1">
-            <xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/>
+            <xs:choice>
+                <xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="UserGroup" type="group_t" minOccurs="1" maxOccurs="1"/>
+                <xs:element name="SpecialGroup" type="specialGroup_t" minOccurs="1" maxOccurs="1" />
+            </xs:choice>
             <xs:element name="DefaultProfile" type="profileId_t" minOccurs="1" maxOccurs="1"/>
         </xs:sequence>
     </xs:complexType>
 
+    <xs:complexType name="autologon_account_t">
+        <xs:attribute name="HiddenId" type="guid_t" fixed="{74331115-F68A-4DF9-8D2C-52BA2CE2ADB1}"/>
+    </xs:complexType>
+
+    <xs:complexType name="group_t">
+        <xs:attribute name="Name" type="xs:string" use="required"/>
+        <xs:attribute name="Type" type="groupType_t" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="specialGroup_t">
+        <xs:attribute name="Name" type="specialGroupType_t" use="required"/>
+    </xs:complexType>
+
+    <xs:simpleType name="groupType_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="LocalGroup"/>
+            <xs:enumeration value="ActiveDirectoryGroup"/>
+            <xs:enumeration value="AzureActiveDirectoryGroup"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="specialGroupType_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Visitor"/>
+        </xs:restriction>
+    </xs:simpleType>
+
     <!--below is the definition of the config xml content-->
     <xs:element name="AssignedAccessConfiguration">
         <xs:complexType>
             <xs:all minOccurs="1">
                 <xs:element name="Profiles" type="profile_list_t">
+                    <xs:unique name="duplicateRolesForbidden">
+                        <xs:selector xpath="default:Profile"/>
+                        <xs:field xpath="@Id"/>
+                    </xs:unique>
+                </xs:element>
+                <xs:element name="Configs" type="config_list_t">
+                    <xs:unique name="duplicateAutoLogonAccountForbidden">
+                        <xs:selector xpath=".//default:AutoLogonAccount"/>
+                        <xs:field xpath="@HiddenId"/>
+                    </xs:unique>
                 </xs:element>
-                <xs:element name="Configs" type="config_list_t"/>
             </xs:all>
         </xs:complexType>
     </xs:element>
 </xs:schema>
+
 ```
 
 ## Example AssignedAccessConfiguration XML
@@ -560,3 +650,480 @@ Example of the Delete command.
    </SyncBody>
 </SyncML>
 ```
+
+## StatusConfiguration XSD
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
+    >
+
+    <xs:simpleType name="status_enabled_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="Off"/>
+            <xs:enumeration value="On"/>
+            <xs:enumeration value="OnWithAlerts"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <!--below is the definition of the config xml content-->
+    <xs:element name="StatusConfiguration">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="StatusEnabled" type="status_enabled_t" minOccurs="1" maxOccurs="1"/>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
+
+## StatusConfiguration example
+
+StatusConfiguration Add OnWithAlerts 
+
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+  <SyncBody> 
+    <Add> 
+      <CmdID>2</CmdID> 
+      <Item> 
+        <Target> 
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI> 
+        </Target> 
+        <Meta> 
+          <Format xmlns="syncml:metinf">chr</Format> 
+        </Meta> 
+        <Data> 
+          <![CDATA[ 
+          <?xml version="1.0" encoding="utf-8" ?> 
+          <StatusConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"> 
+            <StatusEnabled>OnWithAlerts</StatusEnabled> 
+          </StatusConfiguration> 
+          ]]> 
+        </Data> 
+      </Item> 
+    </Add> 
+    <Final /> 
+  </SyncBody> 
+</SyncML> 
+```
+ 
+ 
+StatusConfiguration Delete 
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Delete> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>          
+               </Target> 
+           </Item> 
+       </Delete> 
+       <Final /> 
+   </SyncBody> 
+</SyncML> 
+```
+
+StatusConfiguration Get 
+
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Get> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>          
+               </Target> 
+           </Item> 
+       </Get> 
+       <Final /> 
+   </SyncBody> 
+</SyncML>
+```
+ 
+StatusConfiguration Replace On 
+ 
+```syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+  <SyncBody> 
+    <Replace> 
+      <CmdID>2</CmdID> 
+      <Item> 
+        <Target> 
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI> 
+        </Target> 
+        <Meta> 
+          <Format xmlns="syncml:metinf">chr</Format> 
+        </Meta> 
+        <Data> 
+          <![CDATA[ 
+          <?xml version="1.0" encoding="utf-8" ?> 
+          <StatusConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"> 
+            <StatusEnabled>On</StatusEnabled> 
+          </StatusConfiguration> 
+          ]]> 
+        </Data> 
+      </Item> 
+    </Replace> 
+    <Final /> 
+  </SyncBody> 
+</SyncML> 
+```
+
+## Status example
+
+Status Get 
+``` syntax
+<SyncML xmlns='SYNCML:SYNCML1.2'> 
+   <SyncBody> 
+       <Get> 
+           <CmdID>2</CmdID> 
+           <Item> 
+               <Target>   
+                 <LocURI>./Device/Vendor/MSFT/AssignedAccess/Status</LocURI>          
+               </Target> 
+           </Item> 
+       </Get> 
+       <Final /> 
+   </SyncBody> 
+</SyncML> 
+```
+
+## ShellLauncherConfiguration XSD
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    xmlns:default="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    targetNamespace="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
+    >
+
+    <xs:complexType name="profile_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:choice minOccurs="1" maxOccurs="1">
+                <xs:element name="DefaultProfile" type="default_profile_t"/>
+                <xs:element name="Profile" type="profile_t"/>
+            </xs:choice>
+            <xs:element name="Profile" type="profile_t" minOccurs="0" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="default_profile_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Shell" type="default_shell_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="default_shell_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Shell" type="xs:string" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="custom_shell_t">
+        <xs:all minOccurs="1" maxOccurs="1">
+            <xs:element name="ReturnCodeActions" type="return_code_action_list_t" minOccurs="0" maxOccurs="1">
+                <xs:unique name="ForbidDuplicatedReturnCodes">
+                    <xs:selector xpath="default:ReturnCodeAction"/>
+                    <xs:field xpath="@ReturnCode"/>
+                </xs:unique>
+            </xs:element>
+            <!--if "DefaultAction" is not supplied, pre-defined default action is "restart the shell"-->
+            <xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
+        </xs:all>
+        <xs:attribute name="Shell" type="xs:string" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="default_action_t">
+        <xs:attribute name="Action" type="system_action_t" use="required"/>
+    </xs:complexType>
+
+    <xs:simpleType name="system_action_t">
+        <xs:restriction base="xs:string">
+            <xs:enumeration value="RestartShell" />
+            <xs:enumeration value="RestartDevice" />
+            <xs:enumeration value="ShutdownDevice" />
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="profile_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Shell" type="custom_shell_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Id" type="guid_t" use="required"/>
+        <xs:attribute name="Name" type="xs:string" use="optional"/>
+    </xs:complexType>
+
+    <xs:simpleType name="guid_t">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="return_code_action_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="ReturnCodeAction" type="return_code_action_t" minOccurs="1" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="return_code_action_t">
+        <xs:attribute name="ReturnCode" type="xs:integer" use="required"/>
+        <xs:attribute name="Action" type="system_action_t" use="required"/>
+    </xs:complexType>
+
+    <xs:complexType name="config_list_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="Config" type="config_t" minOccurs="1" maxOccurs="unbounded"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="config_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:choice minOccurs="1" maxOccurs="1">
+                <xs:element name="Account" type="account_t" minOccurs="1" maxOccurs="1">
+                    <xs:key name="mutexNameOrSID">
+                        <xs:selector xpath="."/>
+                        <xs:field xpath="@Name|@Sid"/>
+                    </xs:key>
+                </xs:element>
+                <xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
+            </xs:choice>
+            <xs:element name="Profile" type="profile_id_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+    </xs:complexType>
+
+    <xs:complexType name="account_t">
+        <xs:attribute name="Name" type="xs:string" use="optional"/>
+        <xs:attribute name="Sid" type="xs:string" use="optional"/>
+    </xs:complexType>
+
+    <xs:complexType name="autologon_account_t">
+        <xs:attribute name="HiddenId" type="guid_t" fixed="{50021E57-1CE4-49DF-99A9-8DB659E2C2DD}"/>
+    </xs:complexType>
+
+    <xs:complexType name="profile_id_t">
+        <xs:attribute name="Id" type="guid_t" use="required"/>
+    </xs:complexType>
+
+    <!--below is the definition of the config xml content-->
+    <xs:element name="ShellLauncherConfiguration">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="Profiles" type="profile_list_t" minOccurs="1" maxOccurs="1">
+                    <xs:unique name="ForbidDuplicatedProfiles">
+                        <xs:selector xpath="default:Profile"/>
+                        <xs:field xpath="@Id"/>
+                    </xs:unique>
+                </xs:element>
+                <xs:element name="Configs" type="config_list_t" minOccurs="0" maxOccurs="1">
+                    <xs:unique name="ForbidDuplicatedConfigs_Name">
+                        <xs:selector xpath="default:Config/default:Account"/>
+                        <xs:field xpath="@Name"/>
+                    </xs:unique>
+                    <xs:unique name="ForbidDuplicatedConfigs_Sid">
+                        <xs:selector xpath="default:Config/default:Account"/>
+                        <xs:field xpath="@Sid"/>
+                    </xs:unique>
+                    <xs:unique name="ForbidDuplicatedAutoLogonAccount">
+                        <xs:selector xpath="default:Config/default:AutoLogonAccount"/>
+                        <xs:field xpath="@HiddenId"/>
+                    </xs:unique>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
+
+## ShellLauncherConfiguration examples
+
+ShellLauncherConfiguration Add
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Add>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">chr</Format>
+        </Meta>
+        <Data>
+        <![CDATA[
+        <?xml version="1.0" encoding="utf-8"?>
+        <ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
+            <Profiles>
+                <!--default profile defines default shell and action for general purposes, should NOT be bound to any account-->
+                <DefaultProfile>
+                    <Shell Shell="%SystemRoot%\explorer.exe">
+                        <!--DefaultAction is optional; if not defined, the pre-defined default action is "restart shell"-->
+                        <DefaultAction Action="RestartShell"/>
+                    </Shell>
+                </DefaultProfile>
+                <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
+                    <Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com">
+                        <!--ReturnCodeActions is optional, when none is provided, will always execute default action-->
+                        <ReturnCodeActions>
+                            <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
+                            <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
+                            <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
+                        </ReturnCodeActions>
+                        <!--restart device after shell exits, if its return code does not match any of the above-->
+                        <DefaultAction Action="RestartDevice"/>
+                    </Shell>
+                </Profile>
+                <Profile Id="{24A73092-4F3F-44CC-8375-53F13FE213F7}">
+                    <Shell Shell="%SystemRoot%\System32\cmd.exe"/>
+                    <!--DefaultAction is optional, if none is supplied, will use DefaultAction defined in DefaultProfile-->
+                </Profile>
+            </Profiles>
+            <Configs>
+                <Config>
+                    <!--AutoLogon account-->
+                    <AutoLogonAccount/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+                <Config>
+                    <!--BUILTIN\Administrators SID-->
+                    <Account Sid="S-1-5-32-544"/>
+                    <Profile Id="{24A73092-4F3F-44CC-8375-53F13FE213F7}"/>
+                </Config>
+                <Config>
+                    <!--local account-->
+                    <Account Name="sluser1"/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+            </Configs>
+        </ShellLauncherConfiguration>
+        ]]>
+        </Data>
+      </Item>
+    </Add>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+ShellLauncherConfiguration Add AutoLogon
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Add>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+        <Meta>
+          <Format xmlns="syncml:metinf">chr</Format>
+        </Meta>
+        <Data>
+        <![CDATA[
+        <?xml version="1.0" encoding="utf-8"?>
+        <ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
+            <Profiles>
+                <DefaultProfile>
+                    <Shell Shell="%SystemRoot%\explorer.exe"/>
+                </DefaultProfile>
+                <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
+                    <Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com">
+                        <ReturnCodeActions>
+                            <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
+                            <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
+                            <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
+                        </ReturnCodeActions>
+                        <DefaultAction Action="RestartDevice"/>
+                    </Shell>
+                </Profile>
+            </Profiles>
+            <Configs>
+                <Config>
+                    <AutoLogonAccount/>
+                    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
+                </Config>
+            </Configs>
+        </ShellLauncherConfiguration>
+        ]]>
+        </Data>
+      </Item>
+    </Add>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+ShellLauncherConfiguration Get
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+  <SyncBody>
+    <Get>
+      <CmdID>2</CmdID>
+      <Item>
+        <Target>
+          <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
+        </Target>
+      </Item>
+    </Get>
+    <Final />
+  </SyncBody>
+</SyncML>
+```
+
+## AssignedAccessAlert XSD
+
+```syntax
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema
+    elementFormDefault="qualified"
+    xmlns:xs="http://www.w3.org/2001/XMLSchema"
+    xmlns="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    xmlns:default="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    targetNamespace="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
+    >
+
+    <xs:simpleType name="status_t">
+        <xs:restriction base="xs:int">
+            <xs:enumeration value="0"/>
+            <xs:enumeration value="1"/>
+            <xs:enumeration value="2"/>
+            <xs:enumeration value="3"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:simpleType name="guid_t">
+        <xs:restriction base="xs:string">
+            <xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
+        </xs:restriction>
+    </xs:simpleType>
+
+    <xs:complexType name="event_t">
+        <xs:sequence minOccurs="1" maxOccurs="1">
+            <xs:element name="status" type="status_t" minOccurs="1" maxOccurs="1"/>
+            <xs:element name="profileId" type="guid_t" minOccurs="1" maxOccurs="1"/>
+        </xs:sequence>
+        <xs:attribute name="Name" type="xs:string" fixed="KioskModeAppRuntimeStatus" use="required"/>
+    </xs:complexType>
+
+    <xs:element name="Events">
+        <xs:complexType>
+            <xs:sequence minOccurs="1" maxOccurs="1">
+                <xs:element name="Event" type="event_t" minOccurs="1" maxOccurs="1"/>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index 564378ac63..4d6da38792 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -7,12 +7,15 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/01/2017
+ms.date: 02/22/2018
 ---
 
 # AssignedAccess DDF
 
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 You can download the DDF files from the links below:
@@ -20,7 +23,7 @@ You can download the DDF files from the links below:
 - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
 - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
 
-The XML below is for Windows 10, version 1709.
+The XML below is for Windows 10, version 1803.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -48,7 +51,7 @@ The XML below is for Windows 10, version 1709.
                 <Permanent />
             </Scope>
             <DFType>
-                <MIME>com.microsoft/1.1/MDM/AssignedAccess</MIME>
+                <MIME>com.microsoft/2.0/MDM/AssignedAccess</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -111,6 +114,84 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu
                 </DFType>
             </DFProperties>
         </Node>
+        <Node>
+            <NodeName>Status</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                </AccessType>
+                <Description>This read only node contains kiosk health event xml</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Permanent />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
+        <Node>
+            <NodeName>ShellLauncher</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                </AccessType>
+                <Description>This node accepts a ShellLauncherConfiguration xml as input. Please check out samples and required xsd on MSDN.</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Dynamic />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
+        <Node>
+            <NodeName>StatusConfiguration</NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                </AccessType>
+                <Description>This node accepts a StatusConfiguration xml as input. Please check out samples and required xsd on MSDN.</Description>
+                <DFFormat>
+                    <chr />
+                </DFFormat>
+                <Occurrence>
+                    <One />
+                </Occurrence>
+                <Scope>
+                    <Dynamic />
+                </Scope>
+                <CaseSense>
+                    <CIS />
+                </CaseSense>
+                <DFType>
+                    <MIME>text/plain</MIME>
+                </DFType>
+            </DFProperties>
+        </Node>
     </Node>
 </MgmtTree>
 ```
diff --git a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png b/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png
index c8db9ee059..b1ebee57d9 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png and b/windows/client-management/mdm/images/provisioning-csp-assignedaccess.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 8fdf97effb..6c82e08937 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1403,10 +1403,29 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </tr>
 </thead>
 <tbody>
+<tr>
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, next major update:</p>
+<ul>
+<li>Display/DisablePerProcessDpiForApps</li>
+<li>Display/EnablePerProcessDpi</li>
+<li>Display/EnablePerProcessDpiForApps</li>
+<ul>
+</td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)</td>
 <td style="vertical-align:top"><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p>
 </td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
+<ul>
+<li>Status</li>
+<li>ShellLauncher</li>
+<li>StatusConfiguration</li>
+</ul>
+<p>Updated the AssigneAccessConfiguration schema.</p>
+</td></tr>
 </tbody>
 </table>
 
@@ -1426,7 +1445,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <tbody>
 <tr>
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
-<td style="vertical-align:top"><p>Added the following new policies for Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
 <ul>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
@@ -1539,11 +1558,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </tr>
 <tr class="odd">
 <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
-<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
-<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
 <ul>
 <li>AADSendDeviceToken</li>
 <li>BlockInStatusPage</li>
@@ -1555,7 +1574,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
-<td style="vertical-align:top"><p>Added the following nodes in Windows 10, next major update:</p>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
 <ul>
 <li>AutomaticRedeployment</li>
 <li>doAutomaticRedeployment</li>
@@ -1565,11 +1584,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
-<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[UEFI CSP](uefi-csp.md)</td>
-<td style="vertical-align:top"><p>Added a new CSP in Windows 10, next major update.</p>
+<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
 </td></tr>
 </tbody>
 </table>
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 07dec60956..3791a903e5 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -943,6 +943,15 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### Display policies
 
 <dl>
+  <dd>
+    <a href="./policy-csp-display.md#display-disableperprocessdpiforapps" id="display-disableperprocessdpiforapps">Display/DisablePerProcessDpiForApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-display.md#display-enableperprocessdpi" id="display-enableperprocessdpi">Display/EnablePerProcessDpi</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-display.md#display-enableperprocessdpiforapps" id="display-enableperprocessdpiforapps">Display/EnablePerProcessDpiForApps</a>
+  </dd>
   <dd>
     <a href="./policy-csp-display.md#display-turnoffgdidpiscalingforapps" id="display-turnoffgdidpiscalingforapps">Display/TurnOffGdiDPIScalingForApps</a>
   </dd>
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index fbfc7878d5..481bc438d3 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -6,12 +6,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 02/05/2018
 ---
 
 # Policy CSP - Display
 
 
+> [!WARNING]  
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 <hr/>
 
@@ -19,6 +21,15 @@ ms.date: 01/30/2018
 ## Display policies  
 
 <dl>
+  <dd>
+    <a href="#display-disableperprocessdpiforapps">Display/DisablePerProcessDpiForApps</a>
+  </dd>
+  <dd>
+    <a href="#display-enableperprocessdpi">Display/EnablePerProcessDpi</a>
+  </dd>
+  <dd>
+    <a href="#display-enableperprocessdpiforapps">Display/EnablePerProcessDpiForApps</a>
+  </dd>
   <dd>
     <a href="#display-turnoffgdidpiscalingforapps">Display/TurnOffGdiDPIScalingForApps</a>
   </dd>
@@ -28,6 +39,180 @@ ms.date: 01/30/2018
 </dl>
 
 
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-disableperprocessdpiforapps"></a>**Display/DisablePerProcessDpiForApps**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows you to disable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.
+
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-enableperprocessdpi"></a>**Display/EnablePerProcessDpi**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Per Process System DPI is an application compatibility feature for desktop applications that do not render properly after a display-scale factor (DPI) change. When the display scale factor of the primary display changes (which can happen when you connect or disconnect a display that has a different display scale factor (DPI), connect remotely from a device with a different display scale factor, or manually change the display scale factor), many desktop applications can display blurry. Desktop applications that have not been updated to display properly in this scenario will be blurry until you log out and back in to Windows. 
+
+When you enable this policy some blurry applications will be crisp after they are restarted, without requiring the user to log out and back in to Windows. 
+
+Be aware of the following:
+
+Per Process System DPI will only improve the rendering of desktop applications that are positioned on the primary display (or any other display that has the same scale factor as that of the primary display). Some desktop applications can still be blurry on secondary displays that have different display scale factors. 
+
+Per Process System DPI will not work for all applications as some older desktop applications will always be blurry on high DPI displays. 
+
+In some cases, you may see some unexpected behavior in some desktop applications that have Per-Process System DPI applied. If that happens, Per Process System DPI should be disabled.
+
+Enabling this setting lets you specify the system-wide default for desktop applications as well as per-application overrides. If you disable or do not configure this setting, Per Process System DPI will not apply to any processes on the system.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 - Disable.
+-   1 - Enable.
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="display-enableperprocessdpiforapps"></a>**Display/EnablePerProcessDpiForApps**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy allows you to enable Per-Process System DPI for a semicolon-separated list of applications. Applications can be specified either by using full paths or with filenames and extensions. This policy will override the system-wide default value.
+
+<!--/Description-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
index 16de770ebb..d3d5edf9a2 100644
--- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
+++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md
@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
-ms.date: 01/26/2018
+ms.date: 02/22/2018
 ms.localizationpriority: high
 ---
 
@@ -657,7 +657,7 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
 
 <br>Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
 
-<br>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
+<br>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:<br>
 
 <br><table border="1" cellspacing="0" cellpadding="0">
 
@@ -694,6 +694,39 @@ This error has more than one possible cause. Attempt [quick fixes](#quick-fixes)
 
 <tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
 
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Code</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+0x80073BC3 - 0x20009<br>
+0x8007002 - 0x20009<br>
+0x80073B92 - 0x20009
+
+</table>
+
+<br><table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Cause</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+The requested system device cannot be found, there is a sharing violation, or there are multiple devices matching the identification criteria.
+
+</table>
+</td>
+
+<td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
+<table cellspacing="0" cellpadding="0">
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><b>Mitigation</b>
+<tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
+
+These errors occur during partition analysis and validation, and can be caused by the presence of multiple system partitions. For example, if you installed a new system drive but left the previous system drive connected, this can cause a conflict. To resolve the errors, disconnect or temporarily disable drives that contain the unused system partition. You can reconnect the drive after the upgrade has completed. Alternatively, you can delete the unused system partition.
+
+</table>
+</td>
+</tr>
+
+<tr><td align="left" valign="top" style='border:solid #000000 1.0pt;'>
+
 <table cellspacing="0" cellpadding="0">
 <tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'><B>Code</B>
 <tr><td style='padding:0in 4pt 0in 4pt;border:dotted #FFFFFF 0.0pt;'>
diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md
index 6f5966a3e8..20caac1504 100644
--- a/windows/security/threat-protection/auditing/audit-security-group-management.md
+++ b/windows/security/threat-protection/auditing/audit-security-group-management.md
@@ -31,9 +31,9 @@ This subcategory allows you to audit events generated by changes to security gro
 
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                         |
 |-------------------|-----------------|-----------------|------------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Domain Controller | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Member Server     | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
-| Workstation       | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
+| Domain Controller | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
+| Member Server     | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
+| Workstation       | Yes             | No              | Yes              | No               | We recommend Success auditing of security groups, to see new group creation events, changes and deletion of critical groups. Also you will get information about new members of security groups, when a member was removed from a group and when security group membership was enumerated. <br> We recommend Failure auditing, to collect information about failed attempts to create, change, or delete new security groups.|
 
 **Events List:**
 
diff --git a/windows/security/threat-protection/change-history-for-threat-protection.md b/windows/security/threat-protection/change-history-for-threat-protection.md
index 4fd99aa471..4c10382574 100644
--- a/windows/security/threat-protection/change-history-for-threat-protection.md
+++ b/windows/security/threat-protection/change-history-for-threat-protection.md
@@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
 New or changed topic | Description
 ---------------------|------------
 [Security Compliance Toolkit](security-compliance-toolkit-10.md) | Added Office 2016 Security Baseline.
+[Audit security group management](auditing/audit-security-group-management.md)| Added recommendation to audit Failure events.
 
 ## January 2018
 |New or changed topic |Description |
diff --git a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
index 1475541a41..be8ccb2590 100644
--- a/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
+++ b/windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
@@ -147,6 +147,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny  ID="ID_DENY_WSLHOST"           FriendlyName="wslhost.exe"                 FileName="wslhost.exe" MinimumFileVersion = "65535.65535.65535.65535" />   
     <Deny  ID="ID_DENY_INFINSTALL"        FriendlyName="infdefaultinstall.exe"       FileName="infdefaultinstall.exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_LXRUN"             FriendlyName="lxrun.exe"                   FileName="lxrun.exe" MinimumFileVersion = "65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_PWRSHLCUSTOMHOST"  FriendlyName="powershellcustomhost.exe"    FileName="powershellcustomhost.exe" MinimumFileVersion = "65535.65535.65535.65535" />
 
     <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
     <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
@@ -437,7 +438,18 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <!--rs3 x86fre-->
     <Deny ID="ID_DENY_D_273" FriendlyName="PubPrn 273" Hash="47CBE201ED224BF3F5C322F7A49EF64469AF2E1A" />
     <Deny ID="ID_DENY_D_274" FriendlyName="PubPrn 274" Hash="24855B9CC420719D5AB93F4F1589CE09E4063E4FC98681BD91A1D18A3C8ACB43" />
-
+    <!--rs3 sxs amd64-->
+    <Deny ID="ID_DENY_D_275" FriendlyName="PubPrn 275" Hash="663D8E25BAE20510A882F6692BE2620FBABFB94E" />
+    <Deny ID="ID_DENY_D_276" FriendlyName="PubPrn 276" Hash="649A9E5A4867A28C7D0934793F33B545F9441EA23872715C84826D80CC8EC576" />
+    <!--rs3 sxs arm64-->
+    <Deny ID="ID_DENY_D_277" FriendlyName="PubPrn 277" Hash="226ABB2FBAEFC5A7E2A819D9D708F826C00FD215" />
+    <Deny ID="ID_DENY_D_278" FriendlyName="PubPrn 278" Hash="AC6B35C904D388FD12C07C2F6A1A07F337D31895713BF01DCCE7A7F187D7F4D9" />
+    <!--rs3 sxs woa-->
+    <Deny ID="ID_DENY_D_279" FriendlyName="PubPrn 279" Hash="071D7849941E43144839988971255FE34690A747" />
+    <Deny ID="ID_DENY_D_280" FriendlyName="PubPrn 280" Hash="5AF75895BDC11A6B68C816A8677D7CF9692BF25A95C4378A43FBDE740B18EEB1" />
+    <!--rs3 sxs x86-->
+    <Deny ID="ID_DENY_D_281" FriendlyName="PubPrn 281" Hash="9FBFF074C201BFEBE37710CB453EFF9A14AE3BFF" />
+    <Deny ID="ID_DENY_D_282" FriendlyName="PubPrn 282" Hash="A0C71A925850D2D481C7E520F5D5A83305EC169EEA4C5B8DC20C8D8AFCD8A512" />
   </FileRules>
   <!--Signers-->
   <Signers />
@@ -480,6 +492,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_WSLHOST"/>
           <FileRuleRef RuleID="ID_DENY_INFINSTALL"/>
           <FileRuleRef RuleID="ID_DENY_LXRUN"/>
+          <FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/>
           <FileRuleRef RuleID="ID_DENY_D_1" />
           <FileRuleRef RuleID="ID_DENY_D_2" />
           <FileRuleRef RuleID="ID_DENY_D_3" />
@@ -754,6 +767,14 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_D_272"/>
           <FileRuleRef RuleID="ID_DENY_D_273"/>
           <FileRuleRef RuleID="ID_DENY_D_274"/>
+          <FileRuleRef RuleID="ID_DENY_D_275"/>
+          <FileRuleRef RuleID="ID_DENY_D_276"/>
+          <FileRuleRef RuleID="ID_DENY_D_277"/>
+          <FileRuleRef RuleID="ID_DENY_D_278"/>
+          <FileRuleRef RuleID="ID_DENY_D_279"/>
+          <FileRuleRef RuleID="ID_DENY_D_280"/>
+          <FileRuleRef RuleID="ID_DENY_D_281"/>
+          <FileRuleRef RuleID="ID_DENY_D_282"/>
         </FileRulesRef>
       </ProductSigners>
     </SigningScenario>